How To Find Locked Accounts In Active Directory
Active Directory auditing is an important part of ensuring compliance and the security of the IT surroundings. However, a mutual problem that Agile Directory auditors face is how to identify the source of account lockouts. If a user business relationship gets locked out for whatever reason, such as password modifications, may consequence in downtime and it can often be a fourth dimension consuming and frustrating process to get the Advertisement account re-enabled.
Follow the below steps to track locked out accounts and observe the source of Active Directory account lockouts. If you already know the lockout account in question, yous tin can start directly from step v (to rail source).
Pace 1 – Search for the DC having the PDC Emulator Part
The DC (Domain Controller) with the PDC emulator role will capture every business relationship lockout event with an event ID 4740. In case you take only ane DC then you can skip this stride.
Get-AdDomain – Running this cmdlet will search for the domain controller having the role of a PDC emulator.
Step 2 – Expect for the Event ID 4740
Open the issue log viewer of the DC. Go to the security logs, and search for the Event ID 4740.
Step 3 – Put Appropriate Filters in Place
There are suitable filters to generate a more customized report. For instance, you can search for a lockout which occurred in the concluding hour, and find the recent lockout source of a detail user.
Step 4 – Find Out the Locked Out Account Event Whose Information is Require
Click on the "Find" push in the actions pane to look for the User whose account has been locked out.
Step five – Open the Event Report, to Observe the Source of the Locked account
Here you can find the name of the user business relationship in the "Account Name", and the source of the lockout location equally well in the 'Caller Estimator Proper name' field.
How Lepide Active Directory Accountant Troubleshoots Business relationship Lockouts
Lepide Active Directory Accountant (part of Lepide Information Security Platform) generates Account Lockout Report where complete information about the event is displayed in a unmarried row. When you correct-click on whatever event, the context menu will requite you the post-obit options; "Unlock", "Reset Password" and "Investigate".
Unlock Business relationship
Click on this option to unlock the chosen user account. Once done, it shows the following message.
Reset Password
If you desire to reset the users' password, click on the "Reset Countersign" option. Enter the new password and and so ostend it. Select "User must alter countersign at the next logon" pick to force the user to modify the countersign on the next logon.
Investigate
In lodge to investigate how the user account was locked out click on the "Investigate" option in the context carte du jour. Subsequently clicking on the "Investigate" push, "Lockout Investigator" window opens up. In this window, you can click on "Generate Study" button to generate the report to view the reason behind business relationship lockout.
Source: https://www.lepide.com/how-to/identify-the-source-of-account-lockouts-in-active-directory.html
Posted by: franksconot1980.blogspot.com
0 Response to "How To Find Locked Accounts In Active Directory"
Post a Comment